Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-45232

Published: 16/01/2024 Updated: 13/03/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Edk2

Vulnerability Summary

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Availability.

Vulnerable Product Search on Vulmon Subscribe to Product

tianocore edk2

Vendor Advisories

Debian CVElist Bug Report Logs: edk2: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2023-45236 CVE-2023-45237
Debian Bug report logs - #1061256 edk2: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2023-45236 CVE-2023-45237 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@de ...
Debian CVElist Bug Report Logs: edk2: CVE-2023-45236
Debian Bug report logs - #1063726 edk2: CVE-2023-45236 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 21 Jan 2024 15:57:01 UTC Severity: important Found in version edk2/202311-5 Forwarded t ...
Debian CVElist Bug Report Logs: edk2: CVE-2023-45237
Debian Bug report logs - #1063727 edk2: CVE-2023-45237 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 21 Jan 2024 15:57:01 UTC Severity: important Found in version edk2/202311-5 Forwarded t ...
Amazon Linux 2: ALAS-2024-2483
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality (CVE-2023-45229) EDK2's Network Package is susceptible to a buffer ove ...
Red Hat:
Description<!---->This CVE is under investigation by Red Hat Product Security ...

References

CWE-835https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hhttp://www.openwall.com/lists/oss-security/2024/01/16/2http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.htmlhttps://security.netapp.com/advisory/ntap-20240307-0011/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256https://alas.aws.amazon.com/AL2/ALAS-2024-2483.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook